METHOD FOR PROVIDING WEB APPLICATION SECURITY

US 20090292925A1
Filed: 04/11/2007
Published: 11/26/2009
Est. Priority Date: 04/13/2006
Status: Abandoned Application

First Claim

Patent Images

1. A method for an HTTP server to decide whether a remote client is victim of a phishing attack, comprising:

receiving a first HTTP request from the remote client on said HTTP Server;

responding to said first HTTP request, wherein a token is added to the response submitted to said remote client;

receiving a second HTTP request on said HTTP server;

judging whether the second HTTP request includes said token;

judging whether the token originates from said remote client;

processing the HTTP request when said remote client has really issued the second HTTP request.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for an HTTP server to decide whether a remote client is victim of a phishing ttack, comprising: —receiving a first HTTP request from the remote client on said HTTP Server; —responding to said first HTTP request, wherein a token is added to the response submitted to said remote client; —receiving a second HTTP request on said HTTP server; —judging whether the second HTTP request includes said token; —judging whether the token originates from said remote client; —processing the HTTP request when said remote client has really issued the second HTTP request.

109 Citations

16 Claims

1. A method for an HTTP server to decide whether a remote client is victim of a phishing attack, comprising:
- receiving a first HTTP request from the remote client on said HTTP Server;
  
  responding to said first HTTP request, wherein a token is added to the response submitted to said remote client;
  
  receiving a second HTTP request on said HTTP server;
  
  judging whether the second HTTP request includes said token;
  
  judging whether the token originates from said remote client;
  
  processing the HTTP request when said remote client has really issued the second HTTP request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 11, 12, 13, 14, 15, 16)
- - 2. The method according to claim 1, wherein said token is a digital signature.
  - 3. The method according to claim 2, wherein said digital signature is a cryptographic hash.
  - 4. The method according to claim 3, wherein said token is added to a referrer of said first HTTP request and it is judged, whether said HTTP request includes the referrer.
  - 5. The method according to claim 4, wherein a HTML warning page is returned, if said token does not match the client.
  - 6. The method according to claim 1, further comprising:
    - allowing the real emitter of an HTTP requests to access a resource.
  - 7. The method according to claim 6, wherein a HTTP Server access control is maintained by programming the client browser to store a token or a similar tag for use in later HTTP requests on the same server.
  - 8. Device for deciding whether a remote client is victim of a phishing attack, comprising a Web server and a module for implementing on said HTTP server and for carrying out the method according to claim 1.
  - 9. A computer program comprising computer program code means for performing the method of claim 1 when said program is run on a computer.
  - 11. A method for an HTTP server to decide whether a remote client is victim of a phishing attack according to claim 1, substantially as described herein with reference to the accompanying drawings.
  - 12. Device for deciding whether a remote client is victim of a phishing attack according to claim 8, substantially as described herein with reference to the accompanying drawings.
  - 13. The method according to claim 1, wherein said token is added to a referrer of said first HTTP request and it is judged, whether said HTTP request includes the referrer.
  - 14. The method according to claim 13, wherein a HTML warning page is returned, if said token does not match the client.
  - 15. The method according to claim 1, wherein a HTML warning page is returned, if said token does not match the client.
  - 16. The method according to claim 1, wherein a HTTP Server access control is maintained by programming the client browser to store a token or a similar tag for use in later HTTP requests on the same server.

10. A computer program as claimed in claim 10 embodied on a computer readable medium.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Brocade Communications Systems, Inc. (Broadcom, Inc.)
Original Assignee
Brocade Communications Systems, Inc. (Broadcom, Inc.)
Inventors
Meisel, Alexander

Application Number

US12/296,062
Publication Number

US 20090292925A1
Time in Patent Office

Days
Field of Search
US Class Current

713/176
CPC Class Codes

H04L 63/0876   based on the identity of th...

H04L 63/1466   Active attacks involving in...

H04L 63/1475   Passive attacks, e.g. eaves...

H04L 63/1483   service impersonation, e.g....

H04L 63/168   above the transport layer

METHOD FOR PROVIDING WEB APPLICATION SECURITY

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

109 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD FOR PROVIDING WEB APPLICATION SECURITY

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

109 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links